1

I am still having trouble hashing my pictures when I upload them . I have this code :

$target_dir = "images/uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
   hash_file('sha256', $target_file );

  // Check if image file is a actual image or fake image

      if(isset($_POST["change"])) {

    move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);
    $sql = "UPDATE users SET userPic = '".$_FILES['fileToUpload']['name']."' WHERE username = '" . $username . "'";

    $check = $conn->query($sql);

    if($check !== false) {
    echo "<a href = profile.php> Profile pciture has been changed </a>" . 
    $check["mime"] . ".";
    $uploadOk = 1;

    } else {
    echo "File is not an image.";
    $uploadOk = 0; 
    }
    } else {

     echo"did not change";

     }

and I am getting this error :

Warning: hash_file(images/uploads/english_royal_family_tree.jpg): failed to open stream: No such file or directory

I have been trying for more than a week . No one is really helping and people just keep on voting down my question and aren't giving any help . Can someone please help me ?

Improve this question
12
  • So, why do you hash file before creating it? Commented Jan 27, 2018 at 17:47
  • check the permissions then and make sure the path is correct and it does exist. Commented Jan 27, 2018 at 17:47
  • @u_mulder I've tried every way I possibly can . That was the last way I tried so that's why I posted the code that way . Commented Jan 27, 2018 at 17:49
  • $target_file does not exist when you call hash_file, you should call hash_file after move_uploaded_file, it's a simple logic, isn't it? Commented Jan 27, 2018 at 17:50
  • 1
    Then check result of move_uploaded_file, if it's false then your file failed to copy. Commented Jan 27, 2018 at 17:52

1 Answer 1

Reset to default
3

Firstly, hash_file() is expecting a file to already exist and you're trying use that method before the file gets uploaded; that's why your code failed and threw you that error.

What you need to do is to see if that file exists and then hash it.

If this is really want you want to do, then you can base yourself on the following and remember to store the renamed file while retaining its original extension; there are links at the end of the answer.

Note: As I mentioned in comments, you need to hash the file and not the whole destination folder and the file. That would be impossible to retrieve.

Echo the variable for what was assigned to hash_file(). You will also get your hash name (only) shown minus its extension.

Check for errors and make sure the folder has been granted proper permissions.

<?php 

// check for errors
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

$file_name = $_FILES['fileToUpload']['name'];
$sent_file = move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);

 if (file_exists("images/uploads/" . $_FILES["fileToUpload"]["name"]))
  {
  echo $the_file = $_FILES["fileToUpload"]["name"] . " exists.";
  
    // its new location and hashing the filename only.
   $var = hash_file('sha256', $the_file );
   echo $var;
   
   // store your renamed file here in your database
   // using the assigned $var variable.
  
  }

Also check for errors on the query with mysqli_error($conn).

However, you're going to end up with problems here to show that image, since now and for example in using "file.jpg" will produce the following hash:

cf80cd8aed482d5d1527d7dc72fceff84e6326592848447d2dc0b0e87dfc9a90

I don't know how you plan on showing the image(s), but it will no longer keep the .jpg extension.

In order to retain the image's file extension, you basically need to rename the uploaded file(s).

Here are a few good references on Stack (that I've had success with in the past) that you can look at and implement it in your code. :

There is indeed no better way to learn, IMHO.

Edit:

This is an excerpt from a script I wrote recently. Base yourself on the following.

Note: You shouldn't use hashing methods such as anything from the SHA family or MD5 as the file name, since those produce the same hash and has no uniqueness to them.

Important: If people upload from a mobile device, most of them have "image.jpg" as the default name, so it needs to be renamed and given a unique method.

Using the date and time is one way. You can also add uniqid() to it by assigning a variable to it and append to the new file name, or a combination of MD5 and uniqid() is a good bet.

You will need to do a few modifications to it of course. The $year variable is something I used but you can get rid of those instances and replace them with your own.

$year = date("Y");
$pdf_file = $_FILES['fileToUpload']["name"];

$uploaded_date = date("Y-m-d_h-i-s_A"); // this could be another unique method.

$target_dir = "../upload_folder/" . $year . "/";

$ext = explode('.',$_FILES['fileToUpload']['name']);
$extension = $ext[1];

$newname = $ext[0].'_'.$uploaded_date;

$full_local_path = $target_dir.$newname.'.'.$extension;
$new_full_name = $newname.'.'.$extension;

    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $full_local_path)) {
        echo "The file ". $newname . " has been uploaded.";
        echo "<hr>";

$file_link = "/upload_folder/$year/$new_full_name";

    // other code such as saving to a database...

    }
Improve this answer
Sign up to request clarification or add additional context in comments.

13 Comments

Would everything make sense and be safe if I don't hash the images ?
@JacobsJohnson I don't see the need really to do that, unless you want to not let people know the original filename or its location. What social networks use are rewriting methods that hide the original filename and is a bit more complex. If you're looking for uniqueness, then rename the file as the hash, or use another hashing method and there are many and ones that don't require to fetch a file even before it's uploaded or exists.
Well I'll leave it how it is because there's no conflict . But thanks for your answer
@JacobsJohnson I've made an edit to the answer. Reload it and look under Edit:. Note that I didn't write it all out for you, I want you to learn from it. You will get success, just keep at it and concentrate.
Do I need to add the $year in my database ?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.